package cn.jbooter.shiro.autoconfigure.filter.spring_session.authz;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import cn.jbooter.shiro.autoconfigure.util.ShiroUtil;


/**
 * spring-session的rest接口权限拦截器
 * @author hejian
 *
 */
public class SSRestPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

	private static final Logger logger = LoggerFactory.getLogger(SSRestPermissionsAuthorizationFilter.class);
	
	/**
	 * 如果被授权拒绝,直接向客户端返回授权失败信息
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
		logger.info("无权限的访问:"+super.getPathWithinApplication(request));
		ShiroUtil.writeAuthzFail("被拒绝的访问!", (HttpServletResponse)response);
		return false;
	}

}
